ILTOSEC

security research

iltosec

writeups & research

Blog

17 posts

categories

all Rce Xss CVE Ransomware File Upload Bypass Host Header Injection Authentication Bypass SSTI Command Injection Vulnerability Research Cloud AWS Injection

tags

Rce CMS CVE Ransomware File Upload Bypass snipe-it idor authorization-bypass privilege-escalation information-disclosure enumeration misconfiguration aws-s3 SQLI

SSTI·Rce·Command Injection · Rce

Whitebox Web Pentesting: Exploiting Flask Authentication & RCE in Chain Lab

A detailed walkthrough of **Chain Lab** from **CyberExam.io**, demonstrating a Flask web app's **authentication bypass**, **SQL injection**, **hash cracking**, and **RCE exploitation**. Learn how to chain web vulnerabilities for real-world penetration testing.

1371 9 2 min read

Rce·File Upload Bypass·Authentication Bypass · Rce·File Upload Bypass

Exploiting Flask Authentication and RCE Vulnerabilities – Chain Lab Writeup

Learn how to exploit Flask authentication and remote code execution (RCE) vulnerabilities in the Chain Lab challenge on CyberExam. This step-by-step writeup demonstrates bypassing Flask session authentication, uploading a reverse shell payload, and gaining full control over the system.

8676 11 4 min read

Host Header Injection · CMS

Host Header Injection Vulnerability in Plone CMS 6.0.13 - A Security Risk for Password Reset Process

Learn about the Host Header Injection vulnerability in Plone CMS 6.0.13, its impact on password reset emails and URL redirection, and recommended mitigations to protect your web application from malicious attacks.

1560 4 4 min read

CVE·File Upload Bypass · CVE·File Upload Bypass

CVE-2024-11404: Medium Severity File Upload Vulnerabilities in django-filer 3.2.3

Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.

5005 2 5 min read

Ransomware · Ransomware

What is Ransomware, How Does It Work, How Can We Be Protected?

Discover what ransomware is, how it works, its history, famous ransomware attacks, and effective strategies to protect yourself and your business from this dangerous malware.

1110 3 7 min read

Xss·CVE · CMS·CVE

Django CMS 4.1.3 Stored XSS Vulnerability: Exploiting the Page Title Field

CVE-2024-11319 Discover the stored XSS vulnerability in Django CMS 4.1.3 that affects the Page Title field. Learn about the security risks, exploitation methods, and remediation strategies to protect your site from potential attacks. CVE-2024-11319 stored XSS vulnerability, Django CMS 4.1.3, CVE-2024-11319, JavaScript injection, Django CMS 4.1.3 CVE-2024-11319, admin panel security, Cross-Site Scripting, security patch, CVE, content security policy, input sanitization

4485 15 3 min read

Remote Code Execution by Bypassing Cloudflare: CVE-2022–29464 Analysis

Explore the detection and exploitation of CVE-2022-29464, a critical vulnerability in WSO2 products that allows remote code execution. Learn how to bypass Cloudflare's security and achieve shell access with a custom web shell. This article provides a detailed step-by-step guide, highlighting important lessons in web application security and the need for constant testing and updating of defense mechanisms.

1916 7 8 min read

← prev 1 2